Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[DRAFT] Node: Governor token list automated updates #3584

Closed
wants to merge 7 commits into from
Closed

[DRAFT] Node: Governor token list automated updates #3584

wants to merge 7 commits into from

Conversation

djb15
Copy link
Collaborator

@djb15 djb15 commented Dec 8, 2023
edited by claudijd
Loading

Alright so this change could theoretically create a PR that has the following body (i.e. where you're reading this now):

Tokens before = 1048
Tokens after = 1048

Tokens added = 0:

[]

Tokens removed = 0:

[]

Tokens with significant price changes (>30%) = 0:

[]

HOWEVER, as detailed here we'd need to give Github Actions permissions to do this in the UI; the permissions specified in the workflow file aren't sufficient.

Options:

  1. Tick the checkbox to give Github Actions this permission. This is overly permissive compared to what I would like.
  2. Email the above body to myself or the WH security contributors to manually create the PR. We can still push the changes to a branch, we'd just need someone to come open the PR in the UI and paste the above in the PR body. We'd need to create a couple of GH secrets for some of the email action arguments.

Would be good to get another opinion on which route we should go down. Tradeoffs boil down to effort vs permissiveness so I'd tend to lean towards #2 out of an abundance of caution.

@djb15 djb15 changed the title [DRAFT] Node/governor token list [DRAFT] Node: Governor token list automated updates Dec 8, 2023
@djb15 djb15 closed this Dec 8, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@claudijd claudijd Awaiting requested review from claudijd claudijd will be requested when the pull request is marked ready for review claudijd is a code owner

@SEJeff SEJeff Awaiting requested review from SEJeff SEJeff will be requested when the pull request is marked ready for review SEJeff is a code owner

@johnsaigle johnsaigle Awaiting requested review from johnsaigle johnsaigle will be requested when the pull request is marked ready for review johnsaigle is a code owner

@evan-gray evan-gray Awaiting requested review from evan-gray evan-gray will be requested when the pull request is marked ready for review evan-gray is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@djb15